Archive for the ‘security’ Category.
June 10, 2003, 9:22 pm
CoVirt Project Home Page (University of Michigan):
The CoVirt project is investigating how to use virtual machines to provide security in an operating-system-independent manner. Virtual-machine security services can work even if an attacker gains complete control over the guest operating system….
Another potential challenge of using virtual machines is that running all applications above the virtual machine hurts performance due to virtualization overhead…
We modified a host OS (Linux) to enable it to better support a virtual-machine monitor. The resulting virtual-machine monitor and modified guest OS (based on UMLinux) runs even kernel-intensive applications at about 14-35% overhead…
We have designed and implemented a replay service for virtual machines called ReVirt. ReVirt logs enough information to replay a long-term execution of a virtual machine instruction-by-instruction. This enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions…
We designed and implemented a system called BackTracker that will help system administrators understand (and thereby recover from) an intrusion. BackTracker automatically identifies potential sequences of steps that occurred in an intrusion. Starting with a single detection point (e.g. a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph.
June 5, 2003, 10:06 am
Organization for Internet Safety: Draft Security Vulnerability Reporting and Response Process
«
The draft Security Vulnerability Reporting and Responding Process is available for public comment until 7 July, 2003.
»
May 28, 2003, 4:38 pm
Crosby and Wallach (Rice University): Denial of Service via Algorithmic Complexity Attacks, includes source code for a universal hashing library with good performance.
«
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications’ data structures. Frequently used data structures have “average-case” expected running time that’s far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
»
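The degeneration described in the abstract above, and the universal-hashing defense, as an added example that is not code from the paper or its library. The byte-sum `weak_hash` is a deliberately simple stand-in (not the Perl, Squid or Bro hash), and the bucket count and key set are constructed for illustration.

```python
import itertools
import secrets

P = (1 << 61) - 1  # Mersenne prime; all hash arithmetic is done mod P


def weak_hash(key: bytes) -> int:
    """Fixed, unkeyed toy hash (byte sum): any reordering of a key collides."""
    return sum(key)


class UniversalHash:
    """Carter-Wegman style hash: h(x) = (b + sum(a_i * (x_i + 1))) mod P.

    The coefficients are secret and random per table, so which keys collide
    cannot be computed ahead of time from outside the process.
    """

    def __init__(self) -> None:
        self._b = secrets.randbelow(P)
        self._a = []

    def __call__(self, key: bytes) -> int:
        while len(self._a) < len(key):  # one coefficient per byte position
            self._a.append(secrets.randbelow(P))
        # x_i + 1 keeps every term nonzero, so a key never equals its
        # zero-padded extension
        return (self._b + sum(a * (x + 1) for a, x in zip(self._a, key))) % P


def longest_chain(keys, hash_fn, n_buckets: int = 1021) -> int:
    """Insert keys into a chained table; return the longest bucket chain."""
    buckets = [[] for _ in range(n_buckets)]
    for key in keys:
        buckets[hash_fn(key) % n_buckets].append(key)
    return max(len(chain) for chain in buckets)


def demo():
    # Constructed input: the 5040 orderings of seven distinct bytes.
    keys = [bytes(p) for p in itertools.permutations(b"abcdefg")]
    return (len(keys), longest_chain(keys, weak_hash),
            longest_chain(keys, UniversalHash()))


if __name__ == "__main__":
    n, weak, universal = demo()
    print(f"{n} keys: longest chain {weak} (fixed hash) vs {universal} (universal hash)")
```

With the fixed hash every key lands in one bucket, so each lookup walks a 5040-element list; with the keyed hash the same keys spread across the table.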
May 23, 2003, 8:36 am
CRN: Daily Archives:
«
Rule #915, released Tuesday, contained a routine that quarantined all incoming e-mail containing the letter P. Trend Micro discovered the bug soon after releasing Rule #915 and issued Rule #916 to fix it an hour and a half later.
The eManager product is unrelated to Trend Micro’s antivirus software or its Spam Prevention Service (SPS), which was released in March, the spokesman said.
»
May 21, 2003, 4:45 pm
Wired News: Pentagon Defends Data Search Plan: « The Pentagon submitted a report to Congress on Tuesday that said the Total Information Awareness program is not the centralized spying database its critics say it is. »
May 8, 2003, 1:39 pm
Ed Felten comments on copyright owners flooding P2P networks with bogus data:
… my prediction is that at least some file-sharing vendors will try adopting reputation systems, and that after a few false starts they will find a way to make those systems at least modestly successful at combating decoy tactics …
and I cannot help but correlate this to the other network (SMTP email) being flooded with bogus data (spam), and, lo, by coincidence, yesterday’s TRIPOLI proposal from Lauren Weinstein, which can roughly be described (my words) as web-of-trust or certification-of-reputation, applied to email.
May 6, 2003, 12:19 pm
NWC | Review | Security | Arming Your Top Security Guns | May 1, 2003:
«
If you’ve found yourself in one of these situations–and using raw tools to generate network security testing traffic seems perfectly normal to you–there’s a good chance you could have cranked out your testing tool quickly using Hailstorm Protocol Modeler, the flagship product from Cenzic, a company co-founded by famous hacker and security expert Greg Hoglund. (We use the term hacker here in the proper sense: an extremely clever programmer.)
»